projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6818154) | patch
libuv: fix CVE-2024-24806
authorHirokazu MORIKAWA <morikw2@gmail.com>
Fri, 16 Feb 2024 09:33:14 +0000 (18:33 +0900)
committerTianling Shen <cnsztl@gmail.com>
Tue, 20 Feb 2024 05:46:50 +0000 (13:46 +0800)
commit02a982bc10e8278905d0b76ac073b82192576433
tree74a829cbf9fc9a0fb6780532ca466d3a0c197775tree | snapshot
parent6818154a619aeb21eedb64589b48eb4cbfdc00eccommit | diff
libuv: fix CVE-2024-24806

Update to 1.48.0
CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks

Vulnerabilities fixed
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 0f2d7e73530bcc and e0327e1
Notable Changes
* linux: disable io_uring on ppc64 and ppc64le #4285
* linux: disable io_uring on hppa below kernel 6.1.51 #4224
* win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default)
Important Bugs Fixed
* unix,win: fix busy loop with zero timeout timers #4250, #4304.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
libs/libuv/Makefile diff | blob | history
Mirror of packages feed